Samsung evolving KNOX into complete mobile device management solution

Samsung introduced KNOX at the 2013 Mobile World Congress (MWC). It is a secure app and data container for Samsung mobiles, backed by hardware, enabling businesses to run apps that are isolated from a user’s personal apps (which might include badly behaved or even malicious apps). Data is encrypted so that business secrets are safe if the device goes astray.

The core of KNOX is a hardware process called TIMA (TrustZone Integrity Measurement). This checks for tampering in the core operating system (trusted boot) and sets a tamper bit if it detects a problem. The tamper bit cannot be set in software alone.

A device with KNOX activated can be flipped between personal and business (KNOX) personalities. It is like having two smartphones in one. Whether this is a desirable approach is up for debate, but it does secure business apps and data.

We did not hear much about KNOX after last year’s MWC. It was released a few months later, but snags included limited device support (only the latest Samsung devices), the need to prepare apps with a special KNOX wrapper before they could be used, and the need to hire a Samsung partner such as Centrify to provide administration tools.

All that has changed following last night’s announcement of the next generation of KNOX. Highlights:

Most apps can now be installed in KNOX without any special wrapper.

You can use a third-party container such as Good, Fixmo Safezone, or MobileIron AppConnect in place of the KNOX container, while still using KNOX hardware protection.

Two-factor authentication is supported (for example, requiring a fingerprint swipe as well as a password to access a KNOX container).

Samsung has introduced a cloud-based Mobile Device Management (MDM) tool called KNOX EMM (Enterprise Mobility Management). This runs on Microsoft’s Azure platform and integrates with Azure Active Directory (which can itself link to on-premises Active Directory) so that small businesses on Office 365, or large businesses which prefer a cloud tool, can manage both KNOX and other devices. EMM is primarily aimed at SMEs but apparently can scale up without limit.

EMM will also support non-Samsung devices.

EMM includes an app marketplace allowing businesses to purchase and deploy apps. The example we were shown was the Box cloud storage service.